This kubectl plugin extends the Datree CLI's capabilities to allow scanning resources within your cluster for misconfigurations.
This plugin supports MacOS and Linux.
kubectl krew install datree
/bin/sh manual_install.sh
(an administrator password will be required to complete the installation). kubectl datree test [datree CLI args] -- [options]
Arguments:
datree CLI args:
This plugin supports all of the Datree CLI arguments: https://hub.datree.io/cli-arguments
options:
[-n <namespace>] Test all resources in the cluster belonging to the specified namespace
[--all] Test all resources in the cluster
When using '--all', you can specify namespaces to exclude using '--exclude <namespace> --exclude <namespace2>'
[<resource type> <resource name> <namespace>] Test a single resource in the cluster
Running 'kubectl datree test' with no arguments is equivalent to 'kubectl datree test -- -n default'
The plugin supports the following resource types:
:warning: When running against a given namespace, only resources of these types will be checked.
The following command will fetch all resources within the namespace exmpl
, and execute a policy check against them:
kubectl datree test -- -n exmpl
The following command will fetch the resource of kind Service named myAwesomeService
in namespace mySweetNamespace
, and execute a policy check against it using k8s schema version 1.22.0:
kubectl datree test -s "1.22.0" -- service myAwesomeService mySweetNamespace
The following command will fetch all resources from all namespaces in the cluster except for 'default':
kubectl datree test -- --all --exclude default
Example test with no misconfigurations: